
Summary
This rule detects potentially malicious PDF attachments that contain links to ClickUp documents. It identifies attachments that either redirect to pages that are no longer available or contain embedded links leading to newly registered or suspicious domains. Detection requires verifying that the attachment is a single PDF file and reviewing the URLs inside it for characteristics typically associated with phishing attacks, such as links to free file hosts, URL shorteners, or pages associated with credential theft. The rule combines document inspection, organization domain filtering, and link analysis to identify red flags in the embedded links that lead to websites that may be designed for phishing or evasion. Where collected links contain call-to-action language or engage in misdirection (such as redirecting to well-known domains following an initial link), the rule flags them as potential security threats and recommends appropriate responses to mitigate the risk.
Categories
- Web
- Endpoint
- Cloud
Data Sources
- File
- Web Credential
- Network Traffic
Created: 2026-02-28